For security purposes.

for IPv4:

/etc/iptables/iptables.rules

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [15:804]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT

for IPv6:

/etc/iptables/ip6tables.rules

*filter
:INPUT DROP [13:1008]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [18:1480]
-A INPUT -i lo -j ACCEPT
-A INPUT -s fe80::/10 -j ACCEPT
-A INPUT -d ff00::/8 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s fe80::/10 -j ACCEPT
-A OUTPUT -d ff00::/8 -j ACCEPT
COMMIT

4 Comments

Leave a Reply

Your email address will not be published.